For a long period of time, my Apache root directory has been /home/httpd. For security reasons, this is not so good as SELinux has informed me. Now all of the files have been copied to /var/www/etc with owner and group "root". The privileges are 754 (rwxr-xr--), however apache does not have access to them. Should the owner be apache? Group?

Todd

--
Ariste Software
Petaluma, CA 94952
http://www.aristesoftware.com

On 4/11/2011 2:50 PM, Todd Cary wrote:
> For a long period of time, my Apache root directory has been
> /home/httpd. For security reasons, this is not so good as
> SELinux has informed me. Now all of the files have been copied
> to /var/www/etc with owner and group "root". The privileges are
> 754 (rwxr-xr--), however apache does not have access to them.
> Should the owner be apache? Group?
>
> Todd
>

Forgot to say that I am using CentOS 5.5.

Todd

--
Ariste Software
Petaluma, CA 94952
http://www.aristesoftware.com

>For a long period of time, my Apache root directory has been
>/home/httpd. For security reasons, this is not so good as
>SELinux has informed me. Now all of the files have been copied
>to /var/www/etc with owner and group "root". The privileges are
>754 (rwxr-xr--), however apache does not have access to them.
>Should the owner be apache? Group?

Well, does your conf.d/foo.conf point to that dir? By default that's still not right. Are there any directories in there, as 754 won't let apache in...

Todd Cary <todd at aristesoftware.com> wrote:

>>The privileges are 754 (rwxr-xr--), however apache does not have access to them. Should the owner be apache? Group? <<

It's probably the SELinux labels preventing access - I stumbled across this yesterday while setting up a local mirror to deploy 5.6. Do an ls -lZ on the stuff in /var/www/html - it should look something like this:

    drwxr-xr-x root root system_u:object_r:httpd_sys_content_t CentOS

You've probably got the wrong user and type on your files. Use chcon to change them - from memory

    chcon -R -u system_u -t httpd_sys_content_t

I hope that gets it for you.

Best,

--- Les Bell
[http://www.lesbell.com.au]
Tel: +61 2 9451 1144

On 04/11/2011 05:50 PM, Todd Cary wrote:
> For a long period of time, my Apache root directory has been
> /home/httpd. For security reasons, this is not so good as
> SELinux has informed me. Now all of the files have been copied
> to /var/www/etc with owner and group "root". The privileges are
> 754 (rwxr-xr--), however apache does not have access to them.
> Should the owner be apache? Group?
>
> Todd
>

Did you run

    restorecon -R -v /var/www

On 04/11/2011 04:50 PM, Todd Cary wrote:
> For a long period of time, my Apache root directory has been
> /home/httpd. For security reasons, this is not so good as
> SELinux has informed me. Now all of the files have been copied
> to /var/www/etc with owner and group "root". The privileges are
> 754 (rwxr-xr--), however apache does not have access to them.
> Should the owner be apache? Group?
>
> Todd
>

You will need to give the user who is running the httpd daemon (apache by default) the required access to the files.

If you have things that need to be written, you will need to give that user (again, apache by default) write access to those files/directories.

You control who an httpd instance runs as in the httpd.conf file ... look for User and Group in your httpd.conf file.

This will tell you for the default install:

    egrep '^User|^Group' /etc/httpd/conf/httpd.conf

You will need to set user and/or group permissions on your directory as required based on who is running the httpd daemon.
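
An added example, not part of the original thread: a small checker for the mode-bit side of the problem discussed above, which walks from a document root to a file and reports the first component a given uid/gid set cannot pass (search bit on directories, read bit on files). The function names and the constructed temporary tree are assumptions made for illustration; it looks only at owner/group/other bits and says nothing about SELinux labels or ACLs, which need `ls -lZ` as described in the thread.

```python
import os
import stat
import tempfile

def class_bits(st, uid, gids):
    """rwx triplet (0-7) that the mode-bit check applies to this uid/gids."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7      # owner class
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7      # group class
    return st.st_mode & 7                 # other class

def first_blocker(start, target, uid, gids):
    """Walk start -> target; return (path, reason) for the first component
    the identity cannot pass by mode bits alone, or None if all pass."""
    start, target = os.path.abspath(start), os.path.abspath(target)
    rel = os.path.relpath(target, start)
    if rel.split(os.sep)[0] == os.pardir:
        raise ValueError("target is not below start")
    path = start
    chain = [start]
    for part in ([] if rel == os.curdir else rel.split(os.sep)):
        path = os.path.join(path, part)
        chain.append(path)
    for path in chain:
        st = os.stat(path)
        bits = class_bits(st, uid, gids)
        if stat.S_ISDIR(st.st_mode):
            if not bits & 1:
                return path, "directory lacks search (x) for this identity"
        elif not bits & 4:
            return path, "file lacks read (r) for this identity"
    return None

if __name__ == "__main__":
    # Constructed tree mirroring the thread: everything mode 754, owned by
    # the current user; the "web server" is a different uid and gid.
    root = tempfile.mkdtemp()
    site = os.path.join(root, "site")
    page = os.path.join(site, "index.html")
    os.mkdir(site)
    open(page, "w").close()
    for p in (root, site, page):
        os.chmod(p, 0o754)
    st = os.stat(page)
    print(first_blocker(root, page, st.st_uid + 1, {st.st_gid + 1}))
```

On a real host, pass the uid and group ids of the account named by the User and Group directives in httpd.conf, and the configured document root as `start`.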